x509 cert

Anton-Dodonov · Anton-Dodonov · commit e6fc257b2a5d · 2025-07-29T08:26:53.000+07:00
diff --git a/common/crypto/x509/x509.go b/common/crypto/x509/x509.go
@@ -440,6 +440,18 @@ func marshalPKCS8PrivateKey(key *rsa.PrivateKey) ([]byte, error) {
 }
 
 func marshalGOSTPKCS8PrivateKey(key *gost3410.PrivateKey) ([]byte, error) {
+	// Determine the correct OID based on the curve size
+	var algorithmOID asn1.ObjectIdentifier
+	rawKey := key.Raw()
+	
+	if len(rawKey) == 32 {
+		// GOST R 34.10-2012 256-bit
+		algorithmOID = asn1.ObjectIdentifier{1, 2, 643, 7, 1, 1, 1, 1}
+	} else {
+		// GOST R 34.10-2012 512-bit
+		algorithmOID = asn1.ObjectIdentifier{1, 2, 643, 7, 1, 1, 1, 2}
+	}
+	
 	// Create PKCS8 structure for GOST private key
 	pkcs8 := struct {
 		Version    int
@@ -448,9 +460,9 @@ func marshalGOSTPKCS8PrivateKey(key *gost3410.PrivateKey) ([]byte, error) {
 	}{
 		Version: 0,
 		Algorithm: pkix.AlgorithmIdentifier{
-			Algorithm: asn1.ObjectIdentifier{1, 2, 643, 7, 1, 1, 1, 1}, // GOST R 34.10-2012 256-bit
+			Algorithm: algorithmOID,
 		},
-		PrivateKey: key.Raw(),
+		PrivateKey: rawKey,
 	}
 
 	// Encode to ASN.1 DER
diff --git a/common/protocol/tls/cert/cert.go b/common/protocol/tls/cert/cert.go
@@ -181,29 +181,42 @@ func MustGenerateSM2(parent *Certificate, opts ...SM2Option) *Certificate {
 
 // GenerateGOST2012_256 generates a certificate using GOST 2012-256 algorithm
 func GenerateGOST2012_256(parent *Certificate, opts ...SM2Option) (*Certificate, error) {
-	// Собираем параметры
+	// Extract parameters from options
 	var (
 		commonName string
+		organization string
+		dnsNames []string
 		expireDays int = 365
 	)
+	
 	for _, opt := range opts {
-		// Извлекаем CommonName и NotAfter из опций (если есть)
-		optFunc := opt
+		// Create a temporary certificate to extract options
 		tmp := &sm2x509.Certificate{}
-		optFunc(tmp)
+		opt(tmp)
+		
 		if tmp.Subject.CommonName != "" {
 			commonName = tmp.Subject.CommonName
 		}
+		if len(tmp.Subject.Organization) > 0 {
+			organization = tmp.Subject.Organization[0]
+		}
+		if len(tmp.DNSNames) > 0 {
+			dnsNames = tmp.DNSNames
+		}
 		if !tmp.NotAfter.IsZero() {
 			days := int(tmp.NotAfter.Sub(time.Now()).Hours() / 24)
 			if days > 0 {
 				expireDays = days
 			}
 		}
 	}
+	
 	if commonName == "" {
 		commonName = "GOST2012-256"
 	}
+	if organization == "" {
+		organization = "Test Organization"
+	}
 
 	certPEM, keyPEM, err := gost.GenerateGOSTSelfSignedCert(
 		gost3410.CurveIdtc26gost34102012256paramSetA(),
